Vulnerabilities > CVE-2021-28690 - Unspecified vulnerability in XEN

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

xen

NVD

Published: 2021-06-29

Updated: 2021-09-21

Summary

x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend.

Vulnerable Configurations

Part	Description	Count
OS	Xen XEN XEN 4.15.0 XEN XEN 4.12.0 XEN XEN 4.12.1 XEN XEN 4.12.2 XEN XEN 4.12.3 XEN XEN 4.12.4 XEN XEN 4.13.0 XEN XEN 4.13.1 XEN XEN 4.13.2 XEN XEN 4.13.3 XEN XEN 4.13.4 XEN XEN 4.14.0 XEN XEN 4.14.1 XEN XEN 4.14.3	41

References

https://xenbits.xenproject.org/xsa/advisory-377.txt
https://security.gentoo.org/glsa/202107-30